Services: remove unused services (yes, including Cockpit)
This commit is contained in:
parent
0e27201be5
commit
fa9e58e895
|
@ -10,8 +10,6 @@ let
|
|||
services-root = "/storage/services";
|
||||
|
||||
subdomains = [
|
||||
config.secrets.services.airsonic.url
|
||||
config.secrets.services.cockpit.url
|
||||
config.secrets.services.forgejo.url
|
||||
config.secrets.services.gremlin-lab.url
|
||||
config.secrets.services.jellyfin.url
|
||||
|
@ -135,25 +133,6 @@ in
|
|||
enable = true;
|
||||
configText = builtins.readFile ./etc/apcupsd.conf;
|
||||
};
|
||||
airsonic = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
home = "${services-root}/airsonic-advanced";
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
url = config.secrets.services.airsonic.url;
|
||||
};
|
||||
cockpit = {
|
||||
enable = true;
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
url = config.secrets.services.cockpit.url;
|
||||
};
|
||||
jellyfin = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
home = "${services-root}/jellyfin";
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
url = config.secrets.services.jellyfin.url;
|
||||
};
|
||||
autoUpgrade = {
|
||||
enable = false; # Don't update the system...
|
||||
pushUpdates = true; # ...but do push updates remotely.
|
||||
|
@ -162,10 +141,6 @@ in
|
|||
user = config.users.users.aires.name;
|
||||
};
|
||||
boinc.enable = true;
|
||||
cache = {
|
||||
enable = false; # Disable for now
|
||||
secretKeyFile = "${services-root}/nix-cache/cache-priv-key.pem";
|
||||
};
|
||||
duplicacy-web = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
|
@ -182,6 +157,13 @@ in
|
|||
token = config.secrets.services.forgejo.runner-token;
|
||||
};
|
||||
};
|
||||
jellyfin = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
home = "${services-root}/jellyfin";
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
url = config.secrets.services.jellyfin.url;
|
||||
};
|
||||
msmtp.enable = true;
|
||||
netdata = {
|
||||
enable = true;
|
||||
|
@ -224,8 +206,7 @@ in
|
|||
enable = true;
|
||||
ports = [ config.secrets.hosts.dimaga.ssh.port ];
|
||||
};
|
||||
virtualization = {
|
||||
host = {
|
||||
virtualization.host = {
|
||||
enable = true;
|
||||
user = "aires";
|
||||
vmBuilds = {
|
||||
|
@ -235,7 +216,6 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users.aires = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,66 +0,0 @@
|
|||
# Serves a binary cache for Nix packages
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.aux.system.services.cache;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.services.cache = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables binary cache hosting.");
|
||||
secretKeyFile = lib.mkOption {
|
||||
default = "/var/cache-priv-key.pem";
|
||||
type = lib.types.str;
|
||||
description = "Where the signing key lives.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Enable cache service
|
||||
services = {
|
||||
nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = cfg.secretKeyFile;
|
||||
};
|
||||
|
||||
nginx.virtualHosts."${config.secrets.services.cache.url}" = {
|
||||
useACMEHost = config.secrets.networking.primaryDomain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
||||
extraConfig = "proxy_ssl_server_name on;";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
extra-substituters = [ "ssh://${config.secrets.services.cache.url}" ];
|
||||
trusted-public-keys = [
|
||||
"${config.secrets.services.cache.url}:mTYvveYNhoXttGOxJj2uP0MQ/ZPJce5hY+xSvOxswls=%"
|
||||
];
|
||||
};
|
||||
|
||||
# Run nightly builds for certain targets
|
||||
systemd.timers."nix-distributed-build-timer" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Persistent = "true";
|
||||
Unit = "nix-distributed-build.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."nix-distributed-build" = {
|
||||
# Add target names below as a new line
|
||||
script = ''
|
||||
set -eu
|
||||
nh os build --update --hostname Khanda
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = config.users.users.aires.name;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,61 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.aux.system.services.cockpit;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.services.cockpit = {
|
||||
enable = lib.mkEnableOption "Enables Cockpit monitoring.";
|
||||
domain = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "The root domain that Cockpit will be hosted on.";
|
||||
example = "example.com";
|
||||
};
|
||||
url = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "The complete URL where Cockpit is hosted.";
|
||||
example = "https://cockpit.example.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:9090";
|
||||
extraConfig = ''
|
||||
# Taken from https://garrett.github.io/cockpit-project.github.io/external/wiki/Proxying-Cockpit-over-NGINX
|
||||
# Required to proxy the connection to Cockpit
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Required for web sockets to function
|
||||
proxy_http_version 1.1;
|
||||
proxy_buffering off;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
cockpit = {
|
||||
enable = true;
|
||||
port = 9090;
|
||||
settings = {
|
||||
WebService = {
|
||||
Origins = "https://${cfg.url} wss://${cfg.url}";
|
||||
ProtocolHeader = "X-Forwarded-Proto";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.nginx.wants = [ config.systemd.services.cockpit.name ];
|
||||
|
||||
};
|
||||
}
|
|
@ -1 +1 @@
|
|||
Subproject commit 6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46
|
||||
Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da
|
Loading…
Reference in a new issue